Masterclass on the DID Universal Resolver
Markus Sabadello
Danube Tech, Decentralized Identity Foundation,
Sovrin Foundation, W3C VCWG, W3C CCG, OASIS XDI TC
https://danubetech.com/
Identiverse, Boston, 27th June 2018
Masterclass on the DID Universal Resolver
1. Decentralized Identifiers (DIDs)
2. DID Universal Resolver
3. What to do with DIDs?
Decentralized Identifiers (DIDs)
 Motivation:
 Emerging paradigm of “self-sovereign identity” (SSI).
 Digital identity that does not depend on central authorities or intermediaries.
 Digital identity, relationships, data sharing, messaging, etc. require identifiers.
 Today’s identifiers are not “self-sovereign” (they can be taken away from you).
 DIDs are:
 “Self-sovereign” identifiers for individuals, organizations, things.
 Persistent, decentralized, dereference-able, cryptographically verifiable.
 Registered using wallets and blockchains, or other decentralized architectures.
 DIDs are not:
 DNS-based identifiers.
 A standard or broadly adopted (yet).
 Human-memorable (like usernames or e-mail addresses).
Decentralized Identifiers (DIDs)
 Background:
 W3C Web Payments Working Group and Verifiable Claims Task Force
 OASIS XDI TC Registry Working Group
 Internet Identity Workshop, Rebooting-the-Web-of-Trust
 Grant by U.S. Department of Homeland Security
 Decentralized Public Key Infrastructure DPKI (December 2015)
 Decentralized Identifiers 1.0 Implementer’s Draft 01 (November 2016)
 More Community Drafts (2017-2018)
 W3C Working Group (2019)
Decentralized Identifiers (DIDs)
 Example DID:
 Registered in a blockchain or other decentralized network, without intermediary.
 Generation and control over DID lies with identity owner (e.g. through private keys in a wallet).
 Ledger-agnostic.
DID Resolution
 DID Resolution: DID → DID Document
 Set of public keys
 Set of service endpoints
 Timestamps, proofs
 Other identifier metadata
 May be dynamically constructed rather than actually stored in this form.
 Resolution parameters can select parts of the DID document.
 Example DID Document:
{
  "@context": "https://w3id.org/did/v1",
  "id": "did:sov:WRfXPg8dantKVubE3HX8pw",
  "service": {
    "type": "hub",
    "serviceEndpoint": "https://azure.microsoft.com/dif/hub/did:sov:WRfXPg8dantKVubE3H"
  },
  "publicKey": [
    {
      "id": "did:sov:WRfXPg8dantKVubE3HX8pw#key-1",
      "type": "Ed25519VerificationKey2018",
      "publicKeyBase58": "H3C2AVvLMv6gmMNam3uVAjZpfkcJCwDmqPV"
    }
  ],
  "authentication": {
    "type": "Ed25519SignatureAuthentication2018",
    "publicKey": [
      "did:sov:WRfXPg8dantKVubE3HX8pw#key-1"
    ]
  }
}
DID Methods
 Different DID “methods”:
 did:sov, did:btcr, did:v1, did:uport, …
 Different methods have different strengths
 Define method-specific syntax
 Define CRUD for DIDs:
 Create, Read (Resolve), Update, Delete (Revoke)
 All methods need:
 A DID method specification (W3C)
 An implementation of a “resolver”
Method        DID Prefix
Sovrin        did:sov:
Veres One     did:v1:
uPort         did:uport:
Bitcoin       did:btcr:
Blockstack    did:stack:
ERC725        did:erc725:
IPFS          did:ipid:
Masterclass on the DID Universal Resolver
1. Decentralized Identifiers (DIDs)
2. DID Universal Resolver
3. What to do with DIDs?
DID Universal Resolver
 Looks up (“resolves”) a DID to its DID Document.
 Provides a universal API that works with all DID methods.
 Uses a set of configurable “drivers” that know how to connect to the target system.
 Can return metadata about the resolution process.
 https://uniresolver.io/
DID Universal Resolver
 Open Source maintained by Decentralized Identity Foundation.
 Can be built and deployed using Docker containers.
 Can be deployed and used in different ways:
 as a hosted service.
 from a command line.
 integrated in client applications.
 Community maintains “drivers”.
 https://uniresolver.io/
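The dispatch described on these slides, as an added Go example written for this page (the Universal Resolver's own code is not reproduced here): the method is parsed out of the DID, the DID is handed to the driver configured for that method, and a document whose id is not the DID that was asked for is refused rather than trusted. constructedSovDriver is a stand-in for a real driver: it serves one constructed document for the example DID from the slides, with no network access.

```go
package main

import (
	"encoding/json"
	"errors"
	"strings"
)

// ParseDID splits did:<method>:<method-specific-id>; DID spec drafts restrict method names to lowercase letters and digits.
func ParseDID(did string) (method, id string, err error) {
	parts := strings.SplitN(did, ":", 3)
	if len(parts) != 3 || parts[0] != "did" || parts[1] == "" || parts[2] == "" ||
		strings.Trim(parts[1], "abcdefghijklmnopqrstuvwxyz0123456789") != "" {
		return "", "", errors.New("malformed DID: " + did)
	}
	return parts[1], parts[2], nil
}

// Driver knows how to read one DID method's target system (ledger, chain, ...).
type Driver func(did string) (json.RawMessage, error)

// Resolver maps method names to drivers, as the Universal Resolver's configuration does.
type Resolver map[string]Driver

// Resolve dispatches on the method prefix and returns the DID document plus the method
// used as resolution metadata; the driver's answer is accepted only if its id is the requested DID.
func (r Resolver) Resolve(did string) (doc json.RawMessage, method string, err error) {
	if method, _, err = ParseDID(did); err != nil {
		return nil, "", err
	}
	driver, ok := r[method]
	if !ok {
		return nil, "", errors.New("no driver configured for method " + method)
	}
	if doc, err = driver(did); err != nil {
		return nil, "", err
	}
	var hdr struct{ ID string `json:"id"` }
	if json.Unmarshal(doc, &hdr) != nil || hdr.ID != did {
		return nil, "", errors.New("driver returned a document for a different DID")
	}
	return doc, method, nil
}

// constructedSovDriver stands in for a real did:sov driver: no network, one known DID (constructed).
func constructedSovDriver(did string) (json.RawMessage, error) {
	if did != "did:sov:WRfXPg8dantKVubE3HX8pw" {
		return nil, errors.New("DID not found on ledger")
	}
	return json.RawMessage(`{"@context":"https://w3id.org/did/v1","id":"` + did + `","publicKey":[]}`), nil
}
```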
DID Universal Resolver
 Demo + Discussion
 https://uniresolver.io/
Masterclass on the DID Universal Resolver
1. Decentralized Identifiers (DIDs)
2. DID Universal Resolver
3. What to do with DIDs?
Verifiable Credentials
 Example:
{
  "@context": "https://w3id.org/credentials/v1",
  "id": "did:sov:WRfXPg8dantKVubE3HX8pw/credentials/1",
  "type": ["Credential", "NameCredential"],
  "issuer": "did:sov:WRfXPg8dantKVubE3HX8pw",
  "issued": "2018-05-01",
  "claim": {
    "id": "did:btcr:x6lj-wzvr-qqrv-m80w",
    "name": "Jane Doe"
  },
  "proof": {
    "type": "RsaSignature2018",
    "created": "2017-06-18T21:19:10Z",
    "creator": "did:sov:WRfXPg8dantKVubE3HX8pw#key-1",
    "nonce": "c0ae1c8e-c7e7-469f-b252-86e6a0e7387e",
    "signatureValue": "BavEll0/I1zpYw8XNi1bgVg/sCneO4Jugez8RwDg/+MCRVpjOboDoe4SxxKjkCOvKiCHGDvc4krqi6Z1n0UfqzxGfmatCuFibcC1wpsPRdW+gGsutPTLzvueMWmFhwYmfIFpbBu95t501+rSLHIEuujM/+PXr9Cky6Ed+W3JT24="
  }
}
DID Auth
 DID-based authentication protocol.
 Identity owner interacts with a relying party.
 Prove control over a DID using a cryptographic challenge/response protocol.
 Uses “publicKey” and “authentication” blocks in a DID document.
 Different architectures and scenarios.
 See RWoT did_auth_draft.md
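The challenge/response outlined above, as an added Go example (not code from the RWoT did_auth draft or from the Universal Resolver): the relying party issues a random nonce, the identity owner signs it with the key referenced from the DID document's “authentication” block, and the relying party accepts only an unused nonce signed by a key that block lists. DIDDocument is a constructed subset of the document shown earlier and assumes publicKeyBase58 has already been decoded to raw Ed25519 bytes.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"errors"
)

// DID Auth subset of a DID document; publicKeyBase58 is assumed already decoded (constructed).
type DIDDocument struct {
	ID             string
	PublicKey      map[string]ed25519.PublicKey // key id -> Ed25519VerificationKey2018
	Authentication []string                     // key ids the owner may authenticate with
}

// RelyingParty is the set of issued, not yet consumed nonces (replay protection).
type RelyingParty map[string]bool

// NewChallenge issues a fresh 32-byte random nonce and records it as outstanding.
func (rp RelyingParty) NewChallenge() []byte {
	c := make([]byte, 32)
	rand.Read(c)
	rp[string(c)] = true
	return c
}

// Respond is the identity owner's side: sign the nonce with the authentication key.
func Respond(priv ed25519.PrivateKey, challenge []byte) []byte {
	return ed25519.Sign(priv, challenge)
}

// Verify accepts only an unused nonce signed by a key id listed in "authentication" (not merely in "publicKey").
func (rp RelyingParty) Verify(doc DIDDocument, keyID string, challenge, sig []byte) error {
	if !rp[string(challenge)] {
		return errors.New("unknown or already used challenge")
	}
	delete(rp, string(challenge)) // one response per challenge
	authorized := false
	for _, id := range doc.Authentication {
		authorized = authorized || id == keyID
	}
	pub, known := doc.PublicKey[keyID]
	if !authorized || !known || len(pub) != ed25519.PublicKeySize {
		return errors.New("key not usable for authentication per DID document")
	}
	if !ed25519.Verify(pub, challenge, sig) {
		return errors.New("signature does not verify")
	}
	return nil
}
```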
Agents, Hubs, Personal Data Stores, etc.
 [Diagram: four layers, Identity Owner Layer (Individuals; Companies, Public Institutions; Things), Edge/App Layer, Cloud/Agent Layer, Blockchain/DLT Layer, with DIDs labelled between them.]
Other Topics
 Decentralized Key Management System: DKMS
 Encryption protocols: DID-TLS, DID-PGP, DID-SSH
 Human-readable names: DID Names, ENS, BNS, e.g. “markus.id”
 Off-ledger DIDs: stored only on peer-to-peer microledgers; GDPR compliance
 Pairwise-pseudonymous DIDs: support “directed identity”; avoid correlation
 Integration of DIDs with OAuth 2, OpenID Connect, FIDO WebAuthn, UMA
 Integration of DIDs with HTTP URIs, Semantic Web, Linked Data Platform, ActivityPub, WebID, Solid, XDI
 Other DID tools: Universal Registrar, did-client CLI
 [Diagram: related communities, specifications and building blocks]
 Rebooting-the-Web-of-Trust; Internet Identity Workshop
 DIDs: W3C Credentials CG, v0.10 Draft Community Report
 DIDs: W3C DID WG, charter now being written
 Yadis, XRI, XRD, XRDS, JRD, Webfinger
 DID registered as provisional URI scheme
 DID method specs
 W3C Web Payments CG; OASIS XDI TC
 W3C JSON-LD 1.1; W3C Cryptographic Suites; RFC 7517: JWK
 Verifiable Credentials; DKMS, DID Auth; Hubs, Agents, XDI
Thank You
 https://danubetech.com/
 markus@danubetech.com
 Decentralized Identity Foundation: https://identity.foundation/
 Universal Resolver: https://uniresolver.io/